On October 29, 2020, the FTC hosted its most recent “Green Lights & Red Flags” workshop. This virtual workshop focused on recent fraud patterns, advertising compliance, and data security.

Fraud Fashioned Under COVID-19. The pandemic’s effect on the consumer protection world was front and center at this year’s workshop. According to Andrew Smith, Director of the FTC’s Bureau of Consumer Protection, as of October 27, the FTC has received over 236,000 COVID-19 related reports from consumers and COVID-19 related fraud has resulted in losses of approximately $169 million.

Common COVID-19 related scams, according to workshop speakers, include: false claims that an entity can help a business obtain loans through the CARES Act or SBA in exchange for money, failure to ship paid-for PPE, and unlawful cash advances to struggling businesses. These scams thrive off the public’s general but shallow familiarity with COVID-19 related terms like the “CARES Act,” says Rebecca Schlag, Senior Assistant Attorney General of the Consumer Protection Section in the Ohio AG’s Office.

The FTC’s Response. FTC speakers emphasized that the best way businesses may avoid committing these and other fraudulent schemes is education regarding FTC regulations. For example, Mr. Smith encouraged businesses to consult the FTC’s guidance on whether and how an entity may claim affiliation with the SBA.

Though Mr. Smith stated that the FTC’s first avenue to consumer protection is education, he made it clear that the FTC is not shy about law enforcement. Specifically, he cited “warning letters” as a recently popular FTC tool. Businesses that receive warning letters regarding FTC violations have 48 hours to respond and must promptly fix any non-compliance issues. If they do not, Mr. Smith says, the FTC will quickly follow with a lawsuit.

Data Security in the Age of COVID-19. The data security field also faces new challenges in this pandemic. According to Melissa Smith, Assistant Section Chief of the Consumer Protection Section in the Ohio AG’s office, many of these challenges arise from the fact that employees have “gone from a corporate environment with robust IT security” to remote, unprotected wireless networks.

To prevent data security breaches, Ms. Smith advises that businesses take stock of personal identifying information it has. If your business no longer needs this information, it should properly dispose of it. “You don’t want to be responsible for more information than you need to be,” says Ms. Smith.

Multiple speakers indicated that the best response to a data security breach is having a good plan in place. As part of that plan, businesses need to know who to notify in the event of a breach – and one contact on that list should be the business’s attorney. As noted during the workshop, all states have some type of breach notification law and in some states, you have just days to notify the proper authorities; thus, not knowing who to contact in the event of a breach could lead to an untimely notification and greater legal exposure.

Key Takeaways. Common to all workshop speakers was the need for a business to educate all of its employees as to best data security practices and FTC compliance. The FTC’s priority is encouraging proactive education about its regulations and acknowledges that compliance education is key to avoiding FTC enforcement actions.